In many situations, two (or more) systems, separate from each other, need to perform an operation or a form of processing using a shared secret. The shared secret can, by way of example, have been determined via a key agreement protocol. To protect the secret from being compromised, it is advantageous not to save a key associated with the secret to system storage, but rather, to maintain the key in system memory. Challenges arise, however, if either of the two (or more) system crashes or exits. In such a scenario, the key will be lost.
Nonetheless, existing storage security approaches include storing a shared secret on a storage disk. However, as noted, in such approaches, an attacker can retrieve the secret value from the storage. Additional existing approaches include encrypting a shared secret with a symmetric key and saving the shared secret with the symmetric key on a storage disk. However, in such approaches, if the storage is compromised, then both the encrypted secret and the key to decrypt that secret, as a result of being stored on the same storage, are vulnerable.
Accordingly, a need exists for storing a shared secret so that in the case of system failure and/or exit or restart, the secret can be recovered without an attacker being able to recover the key from storage media.